Legal

Privacy Policy

Last updated: March 5, 2026

At QRDine, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our digital menu platform.

By using QRDine, you agree to the collection and use of information in accordance with this policy. We are committed to transparency and giving you control over your data.

TL;DR: We collect minimal data to run the service. We never sell your information. You can delete your account anytime. Your menu is public by design (that's the point).

1. Information We Collect

Account Information

When you register for QRDine, we collect:

  • Restaurant name and business information
  • Email address (for login and notifications)
  • Password (encrypted and never stored in plain text)
  • Phone number (optional, for account recovery)
  • Business location and operating hours

Menu Content

The menu information you create and upload:

  • Menu item names, descriptions, and prices
  • Food images you upload (stored securely on our servers)
  • Category organization and menu structure
  • Availability status and dietary information

Usage Analytics

To improve our service, we collect:

  • Login activity and dashboard usage patterns
  • Menu view counts and customer visit timestamps
  • Device types and browsers (aggregated, not personally identifiable)
  • IP addresses for security and fraud prevention
  • QR code scan locations (approximate, not precise GPS)

2. How We Use Your Information

  • Service Delivery: To host your digital menu, generate QR codes, and provide dashboard access.
  • Account Management: Authentication, password resets, and security notifications.
  • Analytics & Insights: Show you how customers interact with your menu (views, popular items, peak times).
  • Communication: Send important updates, feature announcements, and security alerts (no marketing spam).
  • Improvements: Analyze usage patterns to fix bugs and develop new features.
  • Legal Compliance: Respond to legal requests and prevent fraud or abuse.

3. Information Sharing & Disclosure

We do NOT sell your data. Period.

We only share information in these limited circumstances:

Public Menu Display

Your menu content is intentionally public — that's the entire purpose of QRDine. Anyone with your menu URL or QR code can view your restaurant name, menu items, prices, and images. This is by design.

Service Providers

We use trusted third-party services that have signed data processing agreements:

  • Cloud hosting providers for infrastructure (AWS, DigitalOcean, or similar)
  • Email service providers for transactional emails (SendGrid, Mailgun, or similar)
  • Image storage and CDN services for fast menu image loading
  • Payment processors (if you upgrade to paid features)

Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to protect our rights and users' safety.

Business Transfers

If QRDine is acquired or merged, your data may transfer to the new entity. You'll be notified and can delete your account if you disagree.

4. Data Security

We implement industry-standard security measures:

  • Encryption: All data transmission uses HTTPS/TLS. Passwords are hashed with bcrypt.
  • Access Control: Database access is restricted to authorized personnel only.
  • Regular Backups: Automated daily backups with 30-day retention for disaster recovery.
  • Monitoring: 24/7 security monitoring and intrusion detection systems.
  • Vulnerability Testing: Regular security audits and penetration testing.

However, no system is 100% secure. While we use best practices, we cannot guarantee absolute security. You're responsible for keeping your password confidential.

5. Your Data Rights

You have control over your information:

  • Access: View and download your account data anytime from the dashboard.
  • Update: Modify your restaurant information, menu content, and account settings instantly.
  • Delete: Permanently delete your account and data. Menu will be removed within 24 hours.
  • Export: Request a complete data export in machine-readable format (JSON/CSV).
  • Opt-Out: Unsubscribe from any non-essential communications (security alerts are mandatory).
  • Object: Request restriction of data processing for legitimate reasons.

To exercise these rights, contact us at privacy@qrdine.app. We'll respond within 30 days.

6. Cookies & Tracking

We use minimal cookies and tracking:

Essential Cookies

Required for the service to function (session management, authentication). These cannot be disabled.

Analytics Cookies

Help us understand how users interact with QRDine (aggregated data only). You can opt out via dashboard settings.

No Advertising Cookies

We don't use cookies for ads or cross-site tracking. Your browsing habits stay private.

7. Data Retention

We retain your data as long as your account is active. After deletion:

  • Menu content is removed within 24 hours
  • Personal information is deleted within 30 days
  • Backup copies are purged within 90 days
  • Anonymous analytics may be retained indefinitely (no personal identifiers)

Some data may be retained longer for legal compliance (e.g., financial records, legal disputes).

8. Children's Privacy

QRDine is not intended for children under 18. We do not knowingly collect information from minors.

If we discover a child's data has been collected, we'll delete it immediately. Parents/guardians who believe we have child data should contact us at privacy@qrdine.app.

9. International Users

QRDine operates globally. Your data may be processed in countries outside your own. By using QRDine, you consent to international data transfers.

EU Users (GDPR): We comply with GDPR requirements. You have enhanced rights including data portability and the right to be forgotten.

California Users (CCPA): California residents have additional rights regarding data disclosure and sale (which we don't do anyway).

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be announced via:

  • Email notification to registered users
  • Dashboard banner notification
  • Updated "Last modified" date at the top of this page

Continued use after changes take effect means you accept the new policy. If you disagree, delete your account before the changes take effect.

Privacy Questions?

We're here to help. Contact our privacy team:

Privacy Team: privacy@qrdine.app

Data Requests: Use subject line "Data Request - [Your Restaurant Name]"

Response Time: Within 30 days (usually much faster)